From owner-freebsd-questions@FreeBSD.ORG Mon Jan 11 14:01:10 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6A75106566B for ; Mon, 11 Jan 2010 14:01:10 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from dirg.bris.ac.uk (dirg.bris.ac.uk [137.222.10.102]) by mx1.freebsd.org (Postfix) with ESMTP id 665EC8FC18 for ; Mon, 11 Jan 2010 14:01:10 +0000 (UTC) Received: from seis.bris.ac.uk ([137.222.10.93]) by dirg.bris.ac.uk with esmtp (Exim 4.69) (envelope-from ) id 1NUKpO-0005Sb-5j for freebsd-questions@freebsd.org; Mon, 11 Jan 2010 14:01:09 +0000 Received: from mech-cluster241.men.bris.ac.uk ([137.222.187.241]) by seis.bris.ac.uk with esmtp (Exim 4.67) (envelope-from ) id 1NUKpN-0003eT-K7 for freebsd-questions@freebsd.org; Mon, 11 Jan 2010 14:01:05 +0000 Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1]) by mech-cluster241.men.bris.ac.uk (8.14.3/8.14.3) with ESMTP id o0BE15fm061427 for ; Mon, 11 Jan 2010 14:01:05 GMT (envelope-from mexas@bristol.ac.uk) Received: (from mexas@localhost) by mech-cluster241.men.bris.ac.uk (8.14.3/8.14.3/Submit) id o0BE15pL061426 for freebsd-questions@freebsd.org; Mon, 11 Jan 2010 14:01:05 GMT (envelope-from mexas@bristol.ac.uk) X-Authentication-Warning: mech-cluster241.men.bris.ac.uk: mexas set sender to mexas@bristol.ac.uk using -f Date: Mon, 11 Jan 2010 14:01:05 +0000 From: Anton Shterenlikht To: freebsd-questions@freebsd.org Message-ID: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) X-Spam-Score: -1.5 X-Spam-Level: - Subject: denying spam hosts ssh access - good idea? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 14:01:10 -0000 I'm thinking of denying ssh access to host from which I get brute force ssh attacks. HOwever, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good idea? Also, apparently in older ssh there was DenyHosts option, but no longer in the current version. Is there a replacement for DenyHOsts? Or is there a good reason for such option not to be used? many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423